author | jonmv <venstad@gmail.com> | 2023-12-15 17:04:22 +0100 |
committer | jonmv <venstad@gmail.com> | 2023-12-15 17:04:22 +0100 |
commit | 9cf9e62f0d97a0530936c829062320859d3db06c (patch) | |
tree | eb1fad9d94f1494eb065cd84985a277dd6d5c48c /zookeeper-client-common | |
parent | 28f8cf3e298d51ca703ceee36a992297d38637cc (diff) |
Revert "Merge pull request #29674 from vespa-engine/revert-29671-jonmv/reapply-zk-3.9.1"
This reverts commit 28f8cf3e298d51ca703ceee36a992297d38637cc, reversing
changes made to 3a9f89fe60e3420eed435daee435a4f8534c9512.
Diffstat (limited to 'zookeeper-client-common')
4 files changed, 23 insertions, 17 deletions
diff --git a/zookeeper-client-common/pom.xml b/zookeeper-client-common/pom.xml
index 12ff1517e53..ccfdbd9a429 100644
--- a/zookeeper-client-common/pom.xml
+++ b/zookeeper-client-common/pom.xml
@@ -21,12 +21,25 @@
 <scope>provided</scope>
 </dependency>
 <dependency>
+ <groupId>com.yahoo.vespa</groupId>
+ <artifactId>defaults</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
 <groupId>org.apache.zookeeper</groupId>
 <artifactId>zookeeper</artifactId>
 <scope>provided</scope>
 </dependency>
 <!-- compile scope -->
+ <dependency>
+ <groupId>com.yahoo.vespa</groupId>
+ <artifactId>zookeeper-common</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <!-- test scope -->
 <dependency>
 <groupId>org.junit.jupiter</groupId>
diff --git a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java
index 9cc71eab96e..5772070d550 100644
--- a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java
+++ b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/VespaSslContextProvider.java
@@ -1,25 +1,23 @@
 // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.zookeeper.client;
-import com.yahoo.security.tls.TransportSecurityUtils;
+import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils;
 import javax.net.ssl.SSLContext;
 import java.util.function.Supplier;
 /**
- * Provider for Vespa {@link SSLContext} instance to Zookeeper + misc utility methods for providing Vespa TLS specific ZK configuration.
+ * Provider for Vespa {@link SSLContext} instance to Zookeeper.
 *
 * @author bjorncs
 */
 public class VespaSslContextProvider implements Supplier<SSLContext> {
- private static final SSLContext sslContext = TransportSecurityUtils.getSystemTlsContext()
- .map(tc -> tc.sslContext().context()).orElse(null);
-
 @Override
 public SSLContext get() {
- if (sslContext == null) throw new IllegalStateException("Vespa TLS is not enabled");
- return sslContext;
+ return VespaZookeeperTlsContextUtils.tlsContext()
+ .orElseThrow(() -> new IllegalStateException("Vespa TLS is not enabled"))
+ .sslContext().context();
 }
 }
diff --git a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java
index 5c969454d11..af49fab0d40 100644
--- a/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java
+++ b/zookeeper-client-common/src/main/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilder.java
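Review bot: `get()` now resolves the TLS context on every call through `VespaZookeeperTlsContextUtils.tlsContext()`, whereas the removed code cached the `SSLContext` once in a static final; whether that lookup is cheap, and whether it applies the same PLAINTEXT_CLIENT_MIXED_SERVER exclusion that the removed `ZkClientConfigBuilder.getTlsContext()` did, is not visible in this commit and deserves a Javadoc on `get()`. The class is configured by name via `SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY` in `ZkClientConfigBuilder`, so it is presumably instantiated by ZooKeeper rather than by Vespa code, which makes the thrown `IllegalStateException` the only feedback a misconfiguration gets. A docstring such as `/** Returns the SSLContext of the Vespa system TLS context, resolved on each call. @throws IllegalStateException if Vespa TLS is not enabled for this process. */` would state the contract. The class body is complete within the hunk.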
@@ -1,9 +1,8 @@
 // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.zookeeper.client;
-import com.yahoo.security.tls.MixedMode;
 import com.yahoo.security.tls.TlsContext;
-import com.yahoo.security.tls.TransportSecurityUtils;
+import com.yahoo.vespa.zookeeper.tls.VespaZookeeperTlsContextUtils;
 import org.apache.zookeeper.client.ZKClientConfig;
 import org.apache.zookeeper.server.quorum.QuorumPeerConfig;
@@ -14,7 +13,6 @@ import java.nio.file.StandardCopyOption;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Optional;
 import java.util.stream.Collectors;
 /**
@@ -31,7 +29,7 @@ public class ZkClientConfigBuilder {
 public static final String SSL_CLIENTAUTH_PROPERTY = "zookeeper.ssl.clientAuth";
 public static final String CLIENT_CONNECTION_SOCKET = "zookeeper.clientCnxnSocket";
- private static final TlsContext defaultTlsContext = getTlsContext().orElse(null);
+ private static final TlsContext defaultTlsContext = VespaZookeeperTlsContextUtils.tlsContext().orElse(null);
 private final TlsContext tlsContext;
@@ -71,8 +69,8 @@ public class ZkClientConfigBuilder {
 builder.put(CLIENT_SECURE_PROPERTY, Boolean.toString(tlsContext != null));
 builder.put(CLIENT_CONNECTION_SOCKET, "org.apache.zookeeper.ClientCnxnSocketNetty");
 if (tlsContext != null) {
- builder.put(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY, VespaSslContextProvider.class.getName());
 String protocolsConfigValue = Arrays.stream(tlsContext.parameters().getProtocols()).sorted().collect(Collectors.joining(","));
+ builder.put(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY, VespaSslContextProvider.class.getName());
 builder.put(SSL_ENABLED_PROTOCOLS_PROPERTY, protocolsConfigValue);
 String ciphersConfigValue = Arrays.stream(tlsContext.parameters().getCipherSuites()).sorted().collect(Collectors.joining(","));
 builder.put(SSL_ENABLED_CIPHERSUITES_PROPERTY, ciphersConfigValue);
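Review bot: In the last hunk the moved `builder.put(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY, VespaSslContextProvider.class.getName());` now sits between the computation of `protocolsConfigValue` and the `put` that consumes it, splitting a compute/put pair for no functional reason; placing it first in the `if` block, as before, or after the ciphersuite `put` keeps each value next to its use. Separately, `defaultTlsContext` in the third hunk snapshots `VespaZookeeperTlsContextUtils.tlsContext()` at class initialization while `VespaSslContextProvider.get()` now re-resolves it on every call; if that lookup can change over the process lifetime, the builder's `tlsContext != null` decision and the context ZooKeeper later obtains could diverge, which a one-line comment on the field should rule in or out, e.g. `// Resolved once at class init; VespaSslContextProvider resolves per call — both must agree on whether TLS is enabled`. The method containing the `if (tlsContext != null)` block starts outside the hunk.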
@@ -81,8 +79,4 @@ public class ZkClientConfigBuilder {
 return Map.copyOf(builder);
 }
- private static Optional<TlsContext> getTlsContext() {
- if (TransportSecurityUtils.getInsecureMixedMode() == MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) return Optional.empty();
- return TransportSecurityUtils.getSystemTlsContext();
- }
 }
diff --git a/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java b/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java
index 56bfe8381c2..45ae68cb41d 100644
--- a/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java
+++ b/zookeeper-client-common/src/test/java/com/yahoo/vespa/zookeeper/client/ZkClientConfigBuilderTest.java
@@ -31,6 +31,7 @@ public class ZkClientConfigBuilderTest {
 assertEquals("org.apache.zookeeper.ClientCnxnSocketNetty", config.getProperty(CLIENT_CONNECTION_SOCKET));
 assertNull(config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY));
 assertNull(config.getProperty(SSL_CLIENTAUTH_PROPERTY));
+ assertNull(config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY));
 }
 @Test
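Review bot: The added `assertNull(config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY));` in the test hunk duplicates the identical assertion two lines above it, so it adds no coverage; keep only one of them. If the intent was to mirror the TLS-enabled test in the next hunk, where the supplier assertion was moved to the end, moving the existing line rather than adding a second copy achieves that. The test method starts outside the hunk.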
@@ -39,10 +40,10 @@ public class ZkClientConfigBuilderTest {
 ZKClientConfig config = builder.toConfig();
 assertEquals("true", config.getProperty(CLIENT_SECURE_PROPERTY));
 assertEquals("org.apache.zookeeper.ClientCnxnSocketNetty", config.getProperty(CLIENT_CONNECTION_SOCKET));
- assertEquals(com.yahoo.vespa.zookeeper.client.VespaSslContextProvider.class.getName(), config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY));
 assertEquals("TLSv1.3", config.getProperty(SSL_ENABLED_PROTOCOLS_PROPERTY));
 assertEquals("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", config.getProperty(SSL_ENABLED_CIPHERSUITES_PROPERTY));
 assertEquals("NEED", config.getProperty(SSL_CLIENTAUTH_PROPERTY));
+ assertEquals(VespaSslContextProvider.class.getName(), config.getProperty(SSL_CONTEXT_SUPPLIER_CLASS_PROPERTY));
 }
 private static class MockTlsContext implements TlsContext {